Vulnerability Description
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totolink | A830R Firmware | 5.9c.4729_b20191112 |
| Totolink | A830R | - |
| Totolink | A3100R Firmware | 4.1.2cu.5050_b20200504 |
| Totolink | A3100R | - |
| Totolink | A950Rg Firmware | 4.1.2cu.5161_b20200903 |
| Totolink | A950Rg | - |
| Totolink | A800R Firmware | 4.1.2cu.5137_b20200730 |
| Totolink | A800R | - |
| Totolink | A3000Ru Firmware | 5.9c.5185_b20201128 |
| Totolink | A3000Ru | - |
| Totolink | A810R Firmware | 4.1.2cu.5182_b20201026 |
| Totolink | A810R | - |
Related Weaknesses (CWE)
References
- https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.mdExploitThird Party Advisory
- https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_23/23.mdExploitThird Party Advisory
FAQ
What is CVE-2022-26210?
CVE-2022-26210 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were...
How severe is CVE-2022-26210?
CVE-2022-26210 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-26210?
Check the references section above for vendor advisories and patch information. Affected products include: Totolink A830R Firmware, Totolink A830R, Totolink A3100R Firmware, Totolink A3100R, Totolink A950Rg Firmware.